Secure Electronic Deposit Box System

This invention relates to a secure electronic deposit box system and related method. The
applicant has named the inventive system "Vault" (trademark). Vault is an Online
Internet/Intranet zone (like a Bank) containing electronic Safety Deposit boxes. Users'
data is protected by Password, User names and Digital Certificates. Any electronic data
can be stored in a safe environment. The Vault's Safety Deposit boxes can be used for
secure electronic transactions of data between identified and invited participants or as
storage points for data. The "Vault" can therefore be used in one embodiment as a
secure working environment, for example, public sector electronic tendering, or as a
simple secure electronic deposit box for personal use.

Although technologies for securely encrypting data which is sent over TCP/IP
(Transmission Control Protocol/Internet Protocol) based computer networks such as the
Internet or an intranet are well-established, the current state of the art only allows secure
transmission of data on a peer-to-peer basis.

There is currently no system which allows users to securely and easily store data on their
own account on a centralised server over the Internet or over an intranet and/or share that
data with invited participants (users who are not account holders but who are allowed
certain access privileges to the data at certain times), or set predetermined dates and
times when those invited participants can gain access (whether read-only, write-only or
read/write) to said data.

A number of problems exist in the prior art, for example: 

Authentication of participants cannot be carried out over the internet with confidence. 
Data cannot be stored and shared over the internet with confidence. 
Data Integrity cannot be guaranteed.

It is an object of at least one embodiment of at least one aspect of the present invention 
to provide a system that substantially mirrors electronically the public sector tendering 
system, covered in the UK by EC tendering regulation. 

It is an object of at least one embodiment of at least one aspect of the present invention
to provide a system that uses Digital Certificates as a validation of users to an electronic
safety deposit box.

It is an object of at least one embodiment of at least one aspect of the present invention
to provide a system which provides the necessary levels of security for the storage of important
electronic data at low cost and without any need for client-side proprietary or bespoke
software or hardware. All that is required is a personal computer, an Internet connection
and a standard web browser. The invention seeks to mirror the paper based procurement
process and allows buyers and suppliers to action business with full confidence in the
security of the data they share/transmit or deposit.

Summary of the invention 

According to a first aspect of the present invention there is provided a method of 
controlling access to electronic information comprising the steps of providing: 

at least one user apparatus; 

a remote server;

a communications link between the at least one user apparatus and the remote server; 

allocating disk storage space on the remote server unique to the at least one user 
apparatus; 

allowing the at least one user access to the storage space via secure encryption of data
sent to/from the user apparatus and the server and username/password login to the
server.

By this arrangement, the at least one user apparatus may send data in the form of 
documentation to the disk storage space and may also access the documentation on the 
disk storage space. 

Preferably the secure encryption comprises:

transactions between user and server being encrypted using SSL (Secure Socket Layer); 
and transactions involving access to the storage space being further protected by 
requirement for the user to present a Digital Certificate. 

Preferably the Digital Certificate is required whenever the user attempts to read/write to
and from the storage space.

Preferably the data sent by the user apparatus is encrypted by public key in the case of 
SSL transactions and additionally by private key (via presentation of Digital Certificate) 
in the case of accessing the data storage space. 

Preferably the data received by the server is decrypted via private key in the case of SSL
transactions and by public key in the case of Digital Certificate verification accessing the
data storage space.

Preferably the method further comprises the additional step of optionally allowing at
least one further user access to the data storage space.

Preferably the further user's access to the data storage space can be managed by the at
least one user with regards to times and dates when the at least one further user can write
and/or read the data storage space.

According to a second aspect there is provided an electronic safety deposit box system
comprising:

at least one user apparatus; 

a remote server; 

a communications link between the at least one user apparatus and the remote server; 

disk storage space allocated on the remote server unique to the at least one user
apparatus;

and means for allowing the at least one user access to the storage space via secure 
encryption of data sent to/from the user apparatus and the server and 
username/password login to the server. 

According to a third aspect of the present invention there is provided a method of
providing an account-based Internet/intranet service which allows account holders to
create at least one secure electronic 'deposit box' on a centralised server, in which can
be stored documentation in a secure environment, manage timeframes for other invited
participants to access this documentation and/or upload further documentation of their
own, and track all activity which takes place relating to their deposit box or boxes.

According to a fourth aspect of the present invention there is provided a Secure Electronic
Deposit Box System, which is an account-based Internet/intranet server system with a
Web (HTTP) interface for uploading and downloading documentation onto a centralised
server in a secure environment. It uses Digital Certificate technology such as provided
by BTTrustwise in association with VeriSign to ensure data confidentiality, data
integrity, data authentication, non repudiation and proof of origin and receipt.

A basic 'unit' of storage in the Secure Electronic Deposit Box System is a
combination of disk storage space and dynamically updated information stored on a
database. For the sake of convenience, hereinafter the applicant refers to this
combination as a Secure Electronic Deposit Box (SEDB).

Users who create Secure Electronic Deposit Boxes must first create an account on the
system. These types of users are hereafter referred to as Account Holders. They are
able to create a table of other users (hereafter referred to as Invited Participants)
associated with a specific SEDB by filling and submitting Web-based forms. The
Account Holders can control when the Invited Participants can be given read, write, or
read/write access to the Secure Electronic Deposit. Invited Participants must apply for
and install a Digital Certificate on their Web browser before they have access to the
SEDB.

Users access the Secure Electronic Deposit Box System via Web browser and email
client, and require no specialised hardware or software. Once an Account Holder has
created an account on the Secure Electronic Deposit Box system, they can create as
many Secure Electronic Deposit Boxes as they wish.

The 'documentation' referred to above can be almost any kind of computer data file,
including plain text, word processing, spreadsheet, presentation, image, movie or sound
files.

The Secure Electronic Deposit Box System features a unique 'event tracking' system,
allowing certain user-defined events to be carried out automatically at a
predetermined date and time. These 'events' are the granting or withdrawal of access
privileges to an invited participant. The event-tracking system is also used to alert users
via email notification of certain events that are about to occur (for instance the closing
date and time of a bid for which documentation is required to be uploaded onto the
Secure Electronic Deposit Box System).

It features an 'activity log', allowing owners of a Secure Electronic Deposit Box
System account to easily determine what activity has taken place pertaining to the
Secure Electronic Deposit Boxes they have created.

It features an email messaging system, allowing the Secure Electronic Deposit Box
System account holders to send messages via a Web interface to multiple users whom
they have entered onto their system.

Although the Secure Electronic Deposit Box requires no special software or hardware to
be installed on any of its users' computers, it can be modified to work with smart card
readers and other specialised hardware to provide extra layers of security.

According to a fifth aspect of the present invention there is provided a computer 
program product for use in any of the aforementioned aspects of the present invention. 

According to a sixth aspect of the present invention there is provided a computer 
program for use in any of the aforementioned aspects of the present invention. 

Brief description of drawings

A number of embodiments of the present invention will now be described by way of
example only with reference to the accompanying drawings, which are:

Figure 1: A schematic representation of an electronic security/tender box system,
according to an embodiment of the present invention creating a new Secure Electronic
Deposit/Tender Box (SEDB);

Figure 2: A schematic representation of an electronic security/tender box system,
according to an embodiment of the present invention uploading of ITT (Invitation To
Tender) documentation onto the newly created SEDB;

Figure 3: A schematic representation of an electronic security/tender box system,
according to an embodiment of the present invention wherein after a predetermined
date/time selected tenderers are able to access the ITT documentation stored on the
SEDB;

Figure 4: A schematic representation of an electronic security/tender box system,
according to an embodiment of the present invention wherein selected tenderers upload
their responses to the ITT onto the SEDB, and emails are sent notifying the user of the
fact;

Figure 5: A schematic representation of an electronic security/tender box system,
according to an embodiment of the present invention, wherein, after a predetermined
date/time access to the documentation uploaded by the selected tenderers is granted to
the user and the user is then able to download the documentation, the selected tenderers
being notified by email of the fact.

Detailed description of the drawings

Referring to figures 1-5, there is illustrated a method of controlling access to electronic
information comprising the steps of providing:

at least one user apparatus 5;

a remote server 10;

a communications link 15 between the at least one user apparatus 5 and the remote
server 10;

allocating disk storage space 20 on the remote server 10 unique to the at least one user
apparatus 5;

allowing the at least one user access to the storage space 20 via secure encryption of
data sent to/from the user apparatus 5 and the server 10 and username/password login to
the server 10.

The user apparatus 5, remote server 10, communications link 15 and disk storage space 20
together provide a Secure Electronic Deposit/Tender Box System 25 consisting of a
secure Web server with the following additional software components installed:

• HTTPS enabled Web server software

• Administration software for issuing digital certificates

• A CGI (Common Gateway Interface) application, for providing the Web interface to
the end users, and utilising interface libraries to an RDBMS and SMTP (Simple Mail
Transfer Protocol).

• An RDBMS (Relational Database Management System) server

• Event-tracking application.

Accounts

The Secure Electronic Deposit Box System is an account based Web application. A user
becomes an Account Holder free of charge by filling in and submitting Web forms,
which are generated by the CGI application at the heart of the System. The data
submitted via these forms is processed by the CGI application, which stores the
information in a record stored in the Secure Electronic Deposit Box System database. At
this point, a basic authentication account is also created, so that the Web server software
requires the user to type a username and password in order to access their account. The
username is chosen by the user; the password is randomly generated by the CGI
application, which sends the username/password to the user via email. All information
passed between the Secure Electronic Deposit Box System and Account Holders or
Invited Participants is securely encrypted via the SSL (Secure Socket Layer).

'Electronic Deposit Box'

Once a user has created an account for themselves, they can create as many Secure 
Electronic Deposit Box entities as they like by clicking a link on the Web interface 
generated by the CGI application. 

The 'secure electronic deposit box' is a virtual entity consisting of a combination of
data stored on a Database (Relational Database Management System), and storage
space situated on the discs of the Secure Electronic Deposit Box System server to
actually store the documentation. The creation of this virtual entity, by creating records
on the database and allocating storage space on the server's disks, is controlled by the CGI
application, in response to the Account Holder input via the Web interface.

The database is used to store information about the user who holds the accounts, other
users who are allowed access to the accounts by the main user, and scheduled event
information relating to the SEDB. This information is entered by the account holder via
Web forms and processed by the CGI application.

There is a charge for each SEDB created, which can be paid for instantly by online credit
card transaction provided by a third party, or by requesting an invoice or bankers order.
Online verification of the Credit card numbers is performed via a third party credit card
verification system.

As part of the process of creating and paying for their first SEDB, the user applies for
and installs a Digital Certificate onto their Web browser. Subsequent transfer of data
between the user and the Secure Electronic Deposit Box System server is then protected
by this digital certificate, so that there is no possibility of unauthorised access to the
documentation or database records held on the server.

Uploading data

Uploading of data onto the system is done via a web interface, using the standard HTML
<INPUT TYPE="file"> input element. The Account Holder or Invited Participant
navigates to the appropriate Web page, and clicks a 'Browse' button on the Web form,
causing a dialogue box to appear asking the user to select a file located on a local disk or
local network server. This file is then securely encrypted using the private key on the
Account Holder or Invited Participant's Digital Certificate and uploaded to the Secure
Electronic Deposit Box System server.

The CGI application is responsible for writing the uploaded file to the appropriate
location on the server disk (this area of disk space can be thought of as the storage
component of the Secure Electronic Deposit Box), and updating the database to reflect
the change in status of the Secure Electronic Deposit Box.

Downloading data 

In order to download documents held in a Secure Electronic Deposit Box, the Account
Holder or Invited Participant navigates to the appropriate Web page (generated by the
CGI application) where they are presented with a list of the documents held in the
Secure Electronic Deposit Box to which they are currently allowed access. They then
click on a hyperlink which initiates a securely encrypted HTTPS file download. Most
Web browsers will ask the Account Holder or Invited Participant to choose a location on
their computers' disks or local network where they wish to save the file.

'Events'

The Secure Electronic Deposit Box System is not merely a passive application, requiring
direct user interaction in order to provide its functionality. The event tracking system
allows account holders to set time limits on each of their SEDBs regarding when and
how other users can access them, by entering the information into Web forms and
submitting them. The CGI application is responsible for writing this information to the
database.

The Secure Electronic Deposit Box System Time Tracking System 

The Secure Electronic Deposit Box System's unique event-tracking system is
constructed in the following way in order to reduce overload on a system which may
consist of many thousands of user accounts:

At predetermined intervals, e.g. 24 hours, when the server is likely to be quietest, the CGI
application searches all of the SEDB records stored on the database. This is done by
activating the CGI application using a standard scheduling tool, for example the 'cron'
daemon found on most UNIX systems. From this search, a table is dynamically
generated within the database of all events which are to take place the following day.
This daily event table is consulted at predetermined regular intervals (say 15 minutes)
by the CGI application to determine whether the scheduled time for that event has
elapsed. If so, the event is executed, and upon completion of successful execution, the
entry is deleted from the daily event table.

If there is an error in the execution of the daily event table task, then that event remains
on the table, and is attempted at the predetermined intervals. If the event has not
successfully executed by the end of the day, it is carried over into the next day's daily
event table, and continually attempted until a predetermined time after the originally
scheduled time (say, 24 hours), after which an email message informing the user is sent.
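
The scheduling scheme described above (nightly build of the daily event table, a 15-minute poll, retry on error, carry-over and notification after 24 hours), as an added example that is not part of the original specification. The table names, function names and sample tender box are assumptions made for illustration, and SQLite stands in for the RDBMS.

```python
import sqlite3
from datetime import datetime, timedelta

GIVE_UP_AFTER = timedelta(hours=24)  # "say, 24 hours" after the scheduled time

def open_db():
    """In-memory stand-in for the RDBMS; all table names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE events (id INTEGER PRIMARY KEY, sedb TEXT, participant TEXT,
            action TEXT, privilege TEXT, due TEXT, status TEXT DEFAULT 'pending');
        CREATE TABLE daily_events (event_id INTEGER PRIMARY KEY);
        CREATE TABLE acl (sedb TEXT, participant TEXT, privilege TEXT,
            PRIMARY KEY (sedb, participant, privilege));
    """)
    return db

def add_event(db, sedb, participant, action, privilege, due):
    """Account Holder schedules a grant or revoke of one privilege."""
    db.execute("INSERT INTO events (sedb, participant, action, privilege, due) "
               "VALUES (?,?,?,?,?)",
               (sedb, participant, action, privilege, due.isoformat()))
    db.commit()

def build_daily_table(db, day_start):
    """Nightly job: list every pending event due before the end of the day.
    Events that failed earlier are still 'pending', so they are carried over."""
    day_end = (day_start + timedelta(days=1)).isoformat()
    db.execute("INSERT OR IGNORE INTO daily_events "
               "SELECT id FROM events WHERE status = 'pending' AND due < ?",
               (day_end,))
    db.commit()
    return db.execute("SELECT COUNT(*) FROM daily_events").fetchone()[0]

def apply_event(db, ev):
    """Execute one event by changing the access-control table."""
    _id, sedb, who, action, priv, _due = ev
    if action == "grant":
        db.execute("INSERT OR IGNORE INTO acl VALUES (?,?,?)", (sedb, who, priv))
    elif action == "revoke":
        db.execute("DELETE FROM acl WHERE sedb=? AND participant=? AND privilege=?",
                   (sedb, who, priv))
    else:
        raise ValueError(f"unknown action {action!r}")

def has_access(db, sedb, who, priv):
    return db.execute("SELECT 1 FROM acl WHERE sedb=? AND participant=? AND privilege=?",
                      (sedb, who, priv)).fetchone() is not None

def poll(db, now, apply=apply_event, notify=lambda ev: None):
    """15-minute job: run every listed event whose scheduled time has passed."""
    due = db.execute(
        "SELECT e.id, e.sedb, e.participant, e.action, e.privilege, e.due "
        "FROM daily_events d JOIN events e ON e.id = d.event_id "
        "WHERE e.due <= ? ORDER BY e.due", (now.isoformat(),)).fetchall()
    executed = []
    for ev in due:
        try:
            apply(db, ev)
            status = "done"
            executed.append(ev[0])
        except Exception:
            db.rollback()
            if now - datetime.fromisoformat(ev[5]) < GIVE_UP_AFTER:
                continue  # entry stays in the table and is retried next poll
            notify(ev)    # retry window exhausted: tell the Account Holder
            status = "failed"
        db.execute("UPDATE events SET status=? WHERE id=?", (status, ev[0]))
        db.execute("DELETE FROM daily_events WHERE event_id=?", (ev[0],))
        db.commit()
    return executed

if __name__ == "__main__":
    db = open_db()
    day = datetime(2024, 3, 1)   # constructed sample data
    who = "bidder@example.test"  # constructed Invited Participant
    add_event(db, "itt-1", who, "grant", "write", day + timedelta(hours=9))
    add_event(db, "itt-1", who, "revoke", "write", day + timedelta(hours=17))
    build_daily_table(db, day)
    poll(db, day + timedelta(hours=9))
    print("write access after opening:", has_access(db, "itt-1", who, "write"))

    def failing(db, ev):  # simulated execution error
        raise RuntimeError("simulated failure")

    poll(db, day + timedelta(hours=17), apply=failing)
    # A failed revoke leaves the privilege in place until a retry succeeds.
    print("after failed close:", has_access(db, "itt-1", who, "write"))
    poll(db, day + timedelta(hours=17, minutes=15))
    print("after retry:", has_access(db, "itt-1", who, "write"))
```

Under this scheme a withdrawal of access takes effect only when its event executes, so a failing revoke leaves the participant's privilege in place for as long as the retries fail.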

Activity Log 

A log is kept of all significant activity on the system. 'Significant activity' can be: 

• A new user creating an account 

• A user logging onto the system 

• A user uploading a piece of documentation

• A user downloading a piece of documentation

The log data is stored in another table within the Secure Electronic Deposit Box System
database system by the CGI application. The CGI application provides a Web interface
to the Secure Electronic Deposit Box System which has links which allow the Secure
Electronic Deposit Box System account holder to easily search and view activity relating
to all their SEDBs, or one particular SEDB.

Access to each Secure Electronic Deposit Box may be for a predetermined period, for
example one year. This can be extended on request. If the Account Holder does not
wish to extend this period, he can send a request to the CGI application for an
archive of the Secure Electronic Deposit Box. The CGI application then:

• Exports the log activity pertaining to the SEDB to tab-separated text, compresses it
together with all the data held within the SEDB, and sends it to the Account Holder as an
email attachment, or makes it available for HTTP file download.

Payment 

Account holders pay a fee for each Secure Electronic Deposit Box they create. Invited
Participants pay for each Digital Certificate they install allowing them access to a
specific SEDB created by the account holder. Payment is facilitated in the following
ways:

Online credit card verification - payment for the creation of new Secure Electronic
Deposit Boxes is facilitated by the CGI application, which passes the user to a Web
driven third-party credit card verification system.

'Voucher' system - a variation of the above scheme, in which the Account Holder can request
and pay, via the third-party credit card verification system described above, for a
certain amount of credit. The CGI application would record the amount of credit
purchased on the database, and debit from this amount every time the Account Holder
created a new SEDB.

Invoice or bankers order - the CGI application actions this method of payment by generating an
email message which is directed to parties responsible for financial administration of the
Secure Electronic Deposit Box System.

In one embodiment of the present invention, there is provided a
tendering/bidding/auctioning, secure document deposit and exchange service, which
may comprise the following steps:

Buyer/Seller accesses Vault website
System Email address validated automatically
User Creates user name and password.
Requests a Digital Certificate providing unique identification information
Credit card payment actioned online
Optional prepayment system
User registers others they wish to have access to deposited documentation/information.
Lodges Documentation/information
Sets date and time for their access to others' documents
Emails or otherwise notifies invited participants.
Email Invitation forwarded by SSL, contains unique safety deposit location.
Invited participants access site address provided
Participants create user name password.
Enter information corresponding to that logged by Buyer/Seller.
Provided matches Participant purchaser Digital certificate
Participant gains access to store data and withdraws it.

On completion of documentation invited participants, prior to the date and time set by
the Buyer/Seller, return data using Password and user name for entry to the Vault.

Their Digital certificate is automatically checked and if OK they are allowed to deposit
documentation.

At the time and date set by the buyer further access by invited participants is refused and
the buyer may access the data and extract it.

All transactions are registered and an audit log of all activity produced.

Every time a transaction is carried out an email confirmation is forwarded to both the
buyer and the invited participant.

Reminder notices are transmitted to participants and Buyer/Seller at various stages of the
process when no activity has been actioned.

According to a second embodiment of the present invention, there is provided an
electronic safety deposit box which may be created and accessed by the following
method:

Log on web site
Create user name password
Request Security box.
Pay using Credit Card
Requests Digital Certificate - providing information to verify user.
Opens security box and deposits data files.
Exits

To re-enter

Visits Vault web address
Inserts password and user name
Certificate is automatically checked and access allowed.
Access to Safety deposit box is available for up to one year
Data may be stored for longer on request
Insurance may be purchased on line
Additional storage space may be requested and paid for online.

It will be understood that the electronic safety deposit box, according to the second
embodiment provides the user with a means for backing up various digital information,
for example digital photographic images.

It will be appreciated that the embodiments of the invention hereinbefore described are 
given by example and are not meant to limit the scope of the invention in any way. 

It will be particularly appreciated that the invention provides the necessary levels of
security for the storage of important electronic data at low cost and without any need for
proprietary or bespoke software or hardware. All that is required is a personal computer, an
Internet connection and a standard web browser. The invention mirrors the paper based
procurement process and allows buyers and suppliers to action business with full
confidence in the security of the data they share/transmit or deposit.

The transfer of documentation in a secure manner over the Internet in situations
involving several parties, and where there is a need for absolute confidentiality of data
and for deadlines to be observed, for instance during public sector procurement tender
processes, during online auctioning/bidding is now possible.

Use of the Secure Electronic Tender Box, a virtual entity which is a combination of
dynamically-stored data and Web server storage space and protection of the contents of
said Electronic Deposit Box by Digital Certificates and username/password login,
ensuring data confidentiality, data integrity, non-repudiation and proof of origin and
receipt. Facilitating of accounts which allow users (referred to in this document as
Account Holders) to create one or more Electronic Deposit Box.

The Secure Electronic Deposit Box System Account holders are able to create tables of
other users ('Invited Participants') who may have varying levels of access to the
information contained in the Electronic Tender Box either all of the time, or at certain
time predetermined by the Account Holder, this facilitated by the event-tracking system.

Ability of users (both Account Holders and Invited Participants) to store any kind of
computer file on the system.

No specialised software or hardware required by any user - just a personal computer, a
Version 4.x or above Web browser and an Internet connection.

The integration of online credit card verification and payment with that system, together
with optional prepaid Voucher payment system.

Time and date stamped activity log.

Ability of Account Holder to archive and have sent to themselves all data relating to a
time-expired Secure Electronic Deposit Box.

It will be appreciated that various embodiments of the present invention may provide
one or more of the following advantages:

Online Intranet/Internet software solution
On line credit card payment and processing
Optional prepaid Voucher payment system
Online issuance of Digital Certificate
Secure electronic safety deposit box with various levels of security
Data confidentiality
Data Integrity
Data Authentication
Non repudiation and proof of origin and receipt.
Participants' email address verification.
Access restricted/authenticated by Password and Digital certificate
Messaging protected by Secure Socket Layer transmission.
Password protected entry control to Vault
Digital Certificate entry control for access to individual electronic Safety Deposit boxes
Registered holder of Safety Deposit box registers and invites all participants.
Participants selected are notified by SSL email, which contains details of a randomly
generated website address for additional security.
No transaction can be executed without having the user's Digital Certificate validated
Individual Digital certificate for each participant.
Digital Signatures can be used in place of Digital certificates
Real time audit log
24 hour access
Optional time controlled access for document withdrawal
Action response messaging confirmations.
Multiple or singular entry access
Invitation and Validation of invited participants is controlled by Security Box key
holder/renter.
Participants colour coded in transaction log.
Time and date stamped activity log
Time and Date access controlled.
Stores securely all electronic data in all formats
Process mirrors paper based public and private sector tendering processes
Provides for bidding (price competition) process and auctioning within a secure
environment to validated and invited participants.
Allows for multiple access and document networking
Allows for simple deposit and storage.
Requires no hardware or software other than a standard Personal Computer, Internet
Access and web browser.